IT for charity organisations

Charities have to operate at the lowest cost possible, and that includes the way they use IT. IT managers in the third sector have learned how to deploy cost-effective technology to support the critical work that charities and voluntary organisations do, and their experiences can offer relevant case studies for IT managers in other sectors.

News 24 Mar 2023
National Crime Agency sting operation infiltrates cyber crime market

The UK National Crime Agency has tricked thousands of potential cyber criminals into registering with a fake website pretending to offer tools for creating DDoS attacks Continue Reading
News 22 Mar 2023
AWS Imagine Grant launches in UK to fund charity cloud-based tech projects

The AWS Imagine Grant initiative has been running in the US for several years, with 66 charitable organisations receiving more than $6m in funding so far Continue Reading

News 21 Mar 2023

Ransomware gangs harass victims to ‘bypass’ backups

Analysis reveals how cyber criminal gangs are turning to extensive, targeted harassment campaigns to force victims to pay up, even if their backups are in good order Continue Reading
News 20 Mar 2023

BBC cracks down on TikTok after review

The BBC is asking staff not to install TikTok on corporate-owned devices without a justified business purpose, although its use will still be allowed to share media content with its audiences Continue Reading
News 17 Mar 2023

UK TikTok ban gives us all cause to consider social media security

The UK government’s ban on TikTok should give all organisations cause to look into what information social media platforms are collecting on us, and what they are using it for Continue Reading
News 16 Mar 2023

BEC attacks doubled in 2022, outstripping ransomware

Massive growth in the volume of Business Email Compromise or BEC attacks was linked to a surge in successful phishing campaigns, according to data from Secureworks Continue Reading
News 16 Mar 2023

Mandiant: Dangerous MS Outlook zero-day widely used against Ukraine

A zero-day vulnerability in Microsoft Outlook that was fixed in the March Patch Tuesday update has likely been actively exploited by Russian actors for a year or more, and its use will now spread rapidly Continue Reading
News 15 Mar 2023

Chinese Silkloader cyber attack tool falls into Russian hands

A loader tool used by Chinese cyber criminals seems to have been enthusiastically taken up in recent weeks by Russian ransomware operators Continue Reading
News 15 Mar 2023

Microsoft patches Outlook zero-day for March Patch Tuesday

A highly dangerous privilege escalation bug in Outlook is among 80 different vulnerabilities patched in Microsoft’s March Patch Tuesday update Continue Reading
Feature 14 Mar 2023

As Covid fades away, what’s the future of remote work in Europe?

Many IT leaders are still supporting some form of work from home, and a trend is beginning to take shape in Europe Continue Reading
News 13 Mar 2023

MI5 to oversee new National Protective Security Authority

The new National Protective Security Authority will address various national security threats including state-sponsored cyber espionage against UK targets Continue Reading
Opinion 28 Feb 2023

Security Think Tank: Training can no longer be a compliance exercise

Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
Opinion 27 Feb 2023

Cyber training in 2023 needs to drive measurable change

2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
News 23 Feb 2023

WithSecure proposes ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology supposedly overcomes the shortcomings of sandbox test environments, and may be able to stop ransomware attacks from ever happening Continue Reading
News 22 Feb 2023

Researchers find new bug ‘class’ in Apple devices

A group of vulnerabilities in Apple products that stem from the ForcedEntry exploit used by spyware firm NSO constitutes a whole new class of bug, say researchers at Trellix Continue Reading
News 22 Feb 2023

Half of cyber leaders to switch jobs by 2025, citing stress

A substantial number of cyber security leaders are plotting their great escape, saying the industry is leaving them too stressed to go on, according to a study Continue Reading
News 22 Feb 2023

Dutch cyber security professionals experience stress akin to soldiers in war zone, claims expert

Cyber attacks are taking a heavy toll on Dutch IT professionals, with over a third reporting that their mental health suffers as a result Continue Reading
Opinion 21 Feb 2023

Cyber security training: Insights for future professionals

Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
Opinion 16 Feb 2023

Security Think Tank: New trends and drivers in cyber security training

Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading
News 15 Feb 2023

Multi-purpose malwares can use more than 20 MITRE ATT&CK TTPs

Report warns of the development of increasingly sophisticated, multi-purpose malwares, and calls on defenders to play close attention to the MITRE ATT&CK framework to ward them off Continue Reading
Opinion 15 Feb 2023

What charities should know about ransomware and reputational threats

The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back Continue Reading
News 15 Feb 2023

Microsoft fixes three zero-days in February update

February’s Patch Tuesday update contains fixes for three previously unpublicised zero-days in Microsoft Office, Windows Graphics Component and Windows Common Log File System Driver Continue Reading
News 14 Feb 2023

Vidar, nJRAT re-emerge as prominent malware threats in January

Trojans and infostealers once again dominate the list of most commonly observed threats, according to Check Point’s latest telemetry Continue Reading
Opinion 14 Feb 2023

How to protect your business from fraud during a recession

This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud Continue Reading
News 13 Feb 2023

KPMG launches metaverse and digital twin hub in Saudi Arabia

The Saudi Arabian government’s commitment to investing in metaverse technology has attracted a KPMG centre of excellence to its shores Continue Reading
News 13 Feb 2023

Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report Continue Reading
Opinion 08 Feb 2023

Security Think Tank: Poor training is worse than no training at all

Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM Continue Reading
News 06 Feb 2023

The Security Interviews: How to overcome data protection compliance challenges

Complying with the vast swathe of data protection legislation around the world is complex, especially for smaller organisations without the necessary expertise. Could the compliance process be simplified, and if so, how? Continue Reading
Opinion 03 Feb 2023

Security Think Tank: In 2023, we need a new way to cultivate better habits

Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress Continue Reading
Opinion 02 Feb 2023

Security Think Tank: Getting the training and development mix right

Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector Continue Reading
News 01 Feb 2023

UK Cyber Council and ISACA launch audit, assurance programme

The UK Cyber Security Council has teamed up with ISACA to partner on a new audit and assurance programme for security pros Continue Reading
News 27 Jan 2023

Hive ransomware gang taken down after FBI hacks back

The FBI hacked into Hive’s servers, stole its decryption keys and then took down its servers in a major action that has successfully disrupted a prolific and dangerous ransomware operation Continue Reading
News 25 Jan 2023

NCSC exposes Iranian, Russian spear-phishing campaign targeting UK

Spear-phishing campaigns likely linked to Iranian and Russian espionage activity are targeting persons of interest in the UK, warns the NCSC Continue Reading
News 25 Jan 2023

Boards struggle to resolve cyber risk in digital supply chains

Accelerated digitisation of supply chains is introducing more cyber risk for which many organisations seem unprepared, according to the BSI’s annual report on supply chain risk Continue Reading
News 24 Jan 2023

UK insurers need to up their game on cyber gaps, says PRA

Gaps and limitations in how insurers respond to cyber risk need to be addressed, according to the Bank of England regulator, the Prudential Regulation Authority Continue Reading
News 24 Jan 2023

SSRF attacks hit 100,000 businesses globally since November

There has been a dramatic increase in attacks exploiting the ProxyNotShell/OWASSRF exploit chains to target Microsoft Exchange servers Continue Reading
News 23 Jan 2023

NCSC warning over cyber risk to charity sector

Cash-strapped charities without the resource to tackle their resilience deficit are increasingly at risk from malicious actors, says the NCSC Continue Reading
News 17 Jan 2023

Claim IR35 reform repeal and U-turn cost the government ‘nothing’ called into question

After responding to a question about the cost of the government’s repeal of the IR35 reforms and its subsequent U-turn on the decision, the financial secretary has come under fire for claiming no additional costs were incurred by its flip-flopping Continue Reading
News 17 Jan 2023

Crest throws support behind CyberUp CMA reform campaign

Cyber accreditation association Crest International has lent its support to the CyberUp campaign for reform to the Computer Misuse Act of 1990 Continue Reading
News 11 Jan 2023

Microsoft fixes EoP zero-day on January Patch Tuesday

On the first Patch Tuesday of 2023, Microsoft fixed an elevation of privilege vulnerability in Windows Advanced Local Procedure Call, which has been actively exploited in the wild and may be co-opted into ransomware campaigns Continue Reading
News 10 Jan 2023

Insurer Beazley introduces catastrophe bond to ease cyber risk

Insurance company Beazley says that its $45m cyber catastrophe bond will help to protect its balance sheet and enable it to offer more cyber insurance cover Continue Reading
News 08 Jan 2023

Vulnerable organisations to get free Cyber Essentials support

Charities and legal aid firms are among those to be offered free security checks and certifications from the National Cyber Security Centre Continue Reading
News 04 Jan 2023

Diversity and inclusion figures high in New Year Honours List 2023

The New Year Honours List 2023 hailed those in the technology community who promote diversity and inclusion Continue Reading
News 30 Dec 2022

Top 10 information management stories of 2022

Data for good is a theme of the information management stories of 2022 selected here. From tracking space junk, through medical kits for Ukraine, to professionalising data science to benefit society Continue Reading
Feature 29 Dec 2022

Cyber security professionals share their biggest lessons of 2022

In the run-up to 2023, cyber security professionals are taking the time to reflect on the past few months and share their biggest lessons of 2022 Continue Reading
News 29 Dec 2022

Top 10 Nordic IT stories of 2022

Here are Computer Weekly's top 10 Nordic IT articles of 2022 Continue Reading
Opinion 29 Dec 2022

How does red teaming test the ultimate limits of cyber security?

An expert ethical hacker reveals how he goes about carrying out a red team exercise Continue Reading
News 22 Dec 2022

Top 10 cyber security stories of 2022

The war in Ukraine loomed large over the cyber security news agenda, but 2022 also saw growing awareness of open source security, discussion around cyber insurance, and more besides Continue Reading
News 22 Dec 2022

Top 10 cyber crime stories of 2022

Cyber crime continued to hit the headlines in 2022, with impactful cyber attacks abounding, digitally enabled fraud ever more widespread and plenty of ransomware incidents Continue Reading
News 20 Dec 2022

Four-day working week set to stay at Atom bank

Challenger bank Atom has formalised a four-day working week policy after a successful trial Continue Reading
Opinion 19 Dec 2022

Security Think Tank: 2022 brought plenty of learning opportunities in cyber

At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros Continue Reading
News 14 Dec 2022

Ethical hackers flex their muscles in 2022

Ethical hackers working through HackerOne programmes found 21% more vulnerabilities in 2022 than in 2021 Continue Reading
News 14 Dec 2022

Microsoft fixes two zero-days in final Patch Tuesday of 2022

December’s Patch Tuesday is typically a light month for Microsoft, and this year proved no exception, but there are still several critical issues worth addressing, and two zero-days for defenders to pore over Continue Reading
News 13 Dec 2022

EU issues draft data adequacy decision in favour of US

The European Commission has concluded that the United States does ensure an adequate level of protection for personal data transferred from the European Union and will now launch the process towards the adoption of an adequacy decision Continue Reading
News 13 Dec 2022

The nature of the CISO role will be in flux in 2023

As cyber risk outpaces organisational defences, and cyber attacks and breaches cause more and more damage, the nature of the CISO role is entering a state of flux, according to a report Continue Reading
Opinion 12 Dec 2022

Security Think Tank: Embrace prioritisation, people, imperfections

Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis Continue Reading
News 09 Dec 2022

Iranian APT seen exploiting GitHub repository as C2 mechanism

A subgroup of the Iran-linked Cobalt Mirage APT group has been caught taking advantage of the GitHub open source project as a means to operate its latest custom malware Continue Reading
Opinion 09 Dec 2022

Security Think Tank: 2022 changed how we thought about resilience

Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat Continue Reading
News 08 Dec 2022

Apple to tap third party for physical security keys

Apple is launching a number of new security protections, including the addition of third-party-provided hardware security keys Continue Reading
News 07 Dec 2022

Google, MS, Oracle vulnerabilities make November ’22 a big month for patching

Vulnerabilities affecting the likes of Google, Microsoft and Oracle proved particularly troublesome in November Continue Reading
Opinion 07 Dec 2022

Security Think Tank: As cyber pros, we need to articulate our needs better

There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham Continue Reading
News 06 Dec 2022

Don’t become an unwitting tool in Russia’s cyber war

Researchers have turned up evidence that enterprise networks are being co-opted by Russian threat actors to launch attacks against targets in Ukraine. How can you avoid becoming an unwitting tool in a state-backed attack? Continue Reading
Opinion 01 Dec 2022

Ransomware: Is there hope beyond the overhyped?

Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity Continue Reading
News 30 Nov 2022

Latest LockBit ransomware versions have wormable capabilities

Sophos researchers have reverse-engineered the Lockbit 3.0 ransomware, shedding new light on its evolving capabilities and firming up links with BlackMatter Continue Reading
Opinion 30 Nov 2022

Think technology, process, human risk to manage ransomware

Effective ransomware handling boils down to three core areas – technology, process and human risk Continue Reading
Feature 29 Nov 2022

How gamifying cyber training can improve your defences

Security training is the cornerstone of any cyber defence strategy. With ever-escalating online threats, it is now more important than ever that this training is an engaging experience Continue Reading
News 25 Nov 2022

Data management, backup becoming the CISO's responsibility

More and more CISOs are taking on responsibility for wider data management strategies, and this trend looks set to grow next year Continue Reading
Opinion 24 Nov 2022

Your staff are the frontline in your ransomware fight

As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect Continue Reading
News 22 Nov 2022

Ducktail spins new tales to hijack Facebook Business accounts

The increasingly active Ducktail cyber crime operation is refining its operations, seeking new methods to compromise its victims’ Facebook Business accounts Continue Reading
News 22 Nov 2022

C-suite mystified by cyber security jargon

Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms that security pros use that risk making the world of cyber incomprehensible to outsiders Continue Reading
News 18 Nov 2022

Is Elon Musk’s Twitter safe, and should you stop using it?

With a litany of security and compliance issues exposed and in many cases caused by Elon Musk’s takeover of social media platform Twitter, some may be asking if it’s still safe or appropriate to use Continue Reading
News 18 Nov 2022

CyberPeace Institute helps NGOs improve their security resilience

Adrien Ogée of the CyberPeace Institute talks about his work supporting NGOs and humanitarian organisations, and how the security community at large can help protect the world’s most vulnerable people Continue Reading
News 17 Nov 2022

Brexit deregulation will make UK next Silicon Valley, vows Hunt

Chancellor vows to revolutionise how the IT industry is regulated to spur competition, investment and innovation in a technological ‘Big Bang’ Continue Reading
News 17 Nov 2022

Another Log4Shell warning after Iranian attack on US government

The breach of a US federal body by an Iranian threat actor exploiting the Adobe Log4j Log4Shell vulnerability has prompted a fresh flurry of patching Continue Reading
News 16 Nov 2022

Global network fragmentation a source of increasing risk

Risk consultancy’s report says the weaponisation of cyber space and geopolitical clashes herald a breakdown of global networks into distinct regional or national architectures Continue Reading
Opinion 16 Nov 2022

Security Think Tank: Ransomware defences: An extended to-do list

Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things Continue Reading
Opinion 14 Nov 2022

Security Think Tank: Let’s be transparent about ransomware

Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks Continue Reading
Opinion 11 Nov 2022

Cyber insurance: The good, the bad and the ugly

Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee Continue Reading
News 11 Nov 2022

Volume of self-reported breaches to ICO jumps 30%

The number of self-reported breaches to the UK’s Information Commissioner’s Office soared by nearly 30% in the 12 months to 30 June 2022 Continue Reading
Feature 11 Nov 2022

An encouraging new conversation around sustainable IT, says Nordic CIO

What started as a whisper a decade ago has become distinctly audible chatter among IT leaders sharing best practices on how to protect the environment Continue Reading
Opinion 11 Nov 2022

Security Think Tank: To stop ransomware, preparation is the best medicine

You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes Continue Reading
News 10 Nov 2022

ODI fuel poverty survey shows young adults most hard up

A fuel poverty data report and index from the Open Data Institute shows that young adults and people in multi-occupied accommodation are most at risk Continue Reading
News 09 Nov 2022

Microsoft serves smorgasbord of six zero-days

November’s Patch Tuesday fixes significantly fewer vulnerabilities of late, but includes six actively-exploited zero-days, three of them of critical severity Continue Reading
Opinion 09 Nov 2022

Security Think Tank: Anti-ransomware strategies should be as easy as ABC

When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated Continue Reading
Opinion 07 Nov 2022

To fight ransomware, we must treat digital infrastructure as critical

Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress Continue Reading
News 04 Nov 2022

Microsoft: Nation-state cyber attacks became increasingly destructive in 2022

The willingness of nation-state actors to conduct destructive cyber attacks is a source of grave concern, as Microsoft’s latest annual Digital Defence Report lays bare Continue Reading
Opinion 04 Nov 2022

Security Think Tank: Ransomware and CISOs’ balancing act

Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery Continue Reading
News 03 Nov 2022

Microsoft pledges $100m in new IT support for Ukraine

Microsoft will continue to offer free-of-charge technology support to Ukraine for the foreseeable future Continue Reading
Opinion 02 Nov 2022

Security Think Tank: Know your networks, know your suppliers

To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights Continue Reading
News 02 Nov 2022

How Prostate Cancer UK built its own message bus

The cancer charity received funding ring-fenced for modernising its data management – the funds were spent on a solutions architect and an ETL process Continue Reading
News 01 Nov 2022

A third of UK cyber leaders want to quit, report says

Nearly a third of UK security leaders are considering leaving their current role, and more than half are struggling to keep on top of their workload Continue Reading
News 31 Oct 2022

Prepare today for potentially high-impact OpenSSL bug

OpenSSL trailed a critical vulnerability patch last week, which will be only the second such flaw ever found in the open source encryption project. Unfortunately, the first was Heartbleed Continue Reading
Opinion 31 Oct 2022

Security Think Tank: Container security: why so different?

Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas Continue Reading
Opinion 28 Oct 2022

How has container security changed since 2020, and have we taken it too far?

While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up Continue Reading
News 27 Oct 2022

LinkedIn adds new features to safeguard user privacy, security

Social media platform is adding a number of features and systems designed to protect legitimate users from inauthentic profiles and activity Continue Reading
News 25 Oct 2022

Apple patches new iPhone zero-day

Apple’s latest patch fixes yet another zero-day, as security issues keep surfacing in its mobile products Continue Reading
News 24 Oct 2022

Half of staff might quit after a cyber attack, report says

Findings from a survey of CISOs, IT leaders and staffers reveal how experiencing a cyber incident may take a larger-than-thought toll on employee retention Continue Reading
News 21 Oct 2022

Ukrainian and UK IT sectors to deepen collaboration, partnerships

BCS, the Chartered Institute for IT, and the IT Ukraine Association have signed an MoU to deepen collaboration between the UK and Ukrainian IT sectors, and champion new partnerships and growth opportunities Continue Reading
News 20 Oct 2022

Cyber professional shortfall hits 3.4 million

Shortage of cyber security professionals continues to grow and shows no signs of abating, says report Continue Reading
News 19 Oct 2022

Treat cyber crime as a ‘strategic threat’, UK businesses told

The government’s new National Cyber Advisory Board aims to help elevate cyber discussion and spur action in the business community Continue Reading
News 14 Oct 2022

Office 365 email encryption flaw could pose risk to user privacy

A vulnerability in Microsoft Office 365 Message Encryption could leave the contents of emails dangerously exposed, but with no fix coming it’s up to users to decide how at risk they are Continue Reading
News 12 Oct 2022

NCSC urges organisations to secure supply chains

NCSC’s latest guidance package centres supply chain security, helping medium to large organisations assess and mitigate cyber risks from suppliers Continue Reading